tqcq/cpp-project-template
0
0
Fork 0
Code Issues Pull Requests Actions Projects Releases Activity
Files
c68893bace1a934781ca928b461ee42a7d3a4bec
cpp-project-template/third_party/prometheus/3rdparty/civetweb/resources/cert/make_certs.sh
tqcq c68893bace
Some checks failed
sm-rpc / build (Debug, aarch64-linux-gnu) (push) Failing after 29s
Details
sm-rpc / build (Debug, arm-linux-gnueabihf) (push) Failing after 16s
Details
sm-rpc / build (Debug, host.gcc) (push) Failing after 11s
Details
sm-rpc / build (Debug, mipsel-linux-gnu) (push) Failing after 12s
Details
sm-rpc / build (Release, aarch64-linux-gnu) (push) Failing after 11s
Details
sm-rpc / build (Release, arm-linux-gnueabihf) (push) Failing after 11s
Details
sm-rpc / build (Release, host.gcc) (push) Failing after 12s
Details
sm-rpc / build (Release, mipsel-linux-gnu) (push) Failing after 16s
Details
feat add spdlog
2025-08-22 18:22:57 +08:00

93 lines
3.4 KiB
Bash
Raw Blame History

#!/bin/sh
server_name="localhost"
cert_subject="/C=XX/ST=ExampleState/L=ExampleCity/O=ExampleCorp/OU=ExampleDepartment/CN=$server_name"
echo "Creating new certificates"
rm server.* client.* rootCA.* server_bkup.*
echo "Using 'pass' for every password"
echo "Generating a root CA ..."
openssl genrsa -passout pass:pass -out rootCA.key 2048
openssl req -passout pass:pass -new -key rootCA.key -out rootCA.csr -subj $cert_subject
# For a test certificate, use "AA" as "user assigned" language code: https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2#AA
cp rootCA.key rootCA.key.orig
openssl rsa -in rootCA.key.orig -out rootCA.key
openssl x509 -req -days 3651 -in rootCA.csr -signkey rootCA.key -out rootCA.crt
cp rootCA.crt rootCA.pem
cat rootCA.key >> rootCA.pem
echo "Generating client certificate ..."
openssl genrsa -passout pass:pass -out client.key 2048
openssl req -passout pass:pass -new -key client.key -out client.csr -subj $cert_subject
cp client.key client.key.orig
openssl rsa -in client.key.orig -out client.key
openssl x509 -req -days 3650 -in client.csr -signkey client.key -out client.crt
cp client.crt client.pem
cat client.key >> client.pem
openssl pkcs12 -passout pass:pass -export -inkey client.key -in client.pem -name ClientName -out client.pfx
echo "Generating first server certificate ..."
openssl genrsa -passout pass:pass -out server.key 2048
openssl req -passout pass:pass -new -key server.key -out server.csr -subj $cert_subject
cp server.key server.key.orig
openssl rsa -in server.key.orig -out server.key
echo "authorityKeyIdentifier=keyid,issuer" > server.ext
echo "basicConstraints=critical,CA:FALSE" >> server.ext
echo "keyUsage=digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment" >> server.ext
echo "subjectAltName=DNS:$server_name" >> server.ext
openssl x509 -req -days 3650 -sha256 -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -extfile server.ext -in server.csr -out server.crt
#openssl x509 -req -days 3650 -sha256 -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -extfile server.ext -in server.csr -signkey server.key -out server.crt
#openssl x509 -req -days 3650 -sha256 -extfile server.ext -in server.csr -signkey server.key -out server.crt
cp server.crt server.pem
cat server.key >> server.pem
cat rootCA.crt >> server.pem
openssl pkcs12 -passout pass:pass -export -inkey server.key -in server.pem -name ServerName -out server.pfx
echo "First server certificate hash for Public-Key-Pins header:"
openssl x509 -pubkey < server.crt | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | base64 > server.pin
cat server.pin
echo "Generating backup server certificate ..."
openssl genrsa -passout pass:pass -out server_bkup.key 2048
openssl req -passout pass:pass -new -key server_bkup.key -out server_bkup.csr -subj $cert_subject
cp server_bkup.key server_bkup.key.orig
openssl rsa -in server_bkup.key.orig -out server_bkup.key
openssl x509 -req -days 3650 -in server_bkup.csr -signkey server_bkup.key -out server_bkup.crt
cp server_bkup.crt server_bkup.pem
cat server_bkup.key >> server_bkup.pem
openssl pkcs12 -passout pass:pass -export -inkey server_bkup.key -in server_bkup.pem -name ServerName -out server_bkup.pfx
echo "Backup server certificate hash for Public-Key-Pins header:"
openssl x509 -pubkey < server_bkup.crt | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | base64 > server_bkup.pin
cat server_bkup.pin
Reference in New Issue View Git Blame Copy Permalink